Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update default DSA key length to 2048 bits #12136

Closed
wants to merge 1 commit into from
Closed

Update default DSA key length to 2048 bits #12136

wants to merge 1 commit into from

Conversation

Anderson-Xia
Copy link

@Anderson-Xia Anderson-Xia commented Apr 24, 2024
edited

A simple modification that updates default DSA key length to 2048 bits. Fix #12135 .

@glyph
Copy link
Member

glyph commented Apr 24, 2024

"Update default DSA key length to 2048 bits" should be a bit more specific here when writing the news fragment, because this is only updating the command-line ckeygen default key length for generating DSA keys. Also, as written, this doesn't really fix #12135 since that gestures broadly a "some files", and just cites this one as a specific example.

If you want to update that issue to be more specific to ckeygen's default DSA key size that would be adequate, but it would be even nicer to keep a tracking issue open and link a series of more specific issues as you work through them.

Finally, a citation for an actual authority on current key size practices would be good. 2048 is fine I guess, but it would be more secure to use 4096, so why not that? Or, you know, just future-proof it a little bit and make the key size 0x10000 and tack a new zero on every year? Clearly there's a tradeoff there and I don't want Twisted to be in the business of becoming an authority on that, we don't have any cryptographers around qualified to keep that number up to date, so an authority we can point to that we can update along with would be much better.

(Normally, delegating to the popular thing, i.e. OpenSSH, would be my preference, but it looks like OpenSSH currently has the same default you are calling "insecure" so maybe not)

@Anderson-Xia
Copy link
Author

Learned a lot.
I would explain that my concerns are partly based on NIST SP 800-57, where it says:

In addition, this revision adds a new section for Secure Shell (SSH). Specific changes in this revision include the following.
...
1024-bit RSA and DSA are no longer approved for generating digital signatures after 2013.
...

Thanks for replying. I will close this PR and consider better solutions.

@glyph
Copy link
Member

glyph commented Apr 24, 2024

Thanks for replying. I will close this PR and consider better solutions.

Thanks, looking forward to seeing your other ideas here! NIST is definitely not a bad place to start.

@glyph
Copy link
Member

glyph commented Apr 24, 2024

(Weird that this is 2015 and OpenSSH did not update their default yet in response; maybe nobody is really using it to generate DSA keys any more so there wasn't interest.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Continued Use of Insecure Default Parameters
2 participants
@Anderson-Xia @glyph